Module: sip-router
Branch: janakj/postgres
Commit: 5bea0d904ef95a2813c10c7d77f1d1a03959f29d
URL:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=5bea0d9…
Author: Henning Westerholt <henning.westerholt(a)1und1.de>
Committer: Henning Westerholt <henning.westerholt(a)1und1.de>
Date: Mon Feb 11 14:40:27 2008 +0000
- bugfix for (small) potential buffer overflow in BLOB escaping
git-svn-id:
https://openser.svn.sourceforge.net/svnroot/openser/trunk@3680
689a6050-402a-0410-94f2-e92a70836424
---
modules/db_postgres/km_db_val.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/modules/db_postgres/km_db_val.c b/modules/db_postgres/km_db_val.c
index ee0e45c..c5b914b 100644
--- a/modules/db_postgres/km_db_val.c
+++ b/modules/db_postgres/km_db_val.c
@@ -263,6 +263,7 @@ int db_postgres_val2str(const db_con_t* _con, const db_val_t* _v,
char* _s, int*
case DB_BLOB:
l = VAL_BLOB(_v).len;
+ /* this estimation is not always correct, thus we need to check later again */
if (*_len < (l * 2 + 3)) {
LM_ERR("destination buffer too short for blob\n");
return -7;
@@ -275,6 +276,10 @@ int db_postgres_val2str(const db_con_t* _con, const db_val_t* _v,
char* _s, int*
LM_ERR("PQescapeBytea failed\n");
return -7;
}
+ if (tmp_len > *_len) {
+ LM_ERR("escaped result too long\n");
+ return -7;
+ }
memcpy(_s, tmp_s, tmp_len);
PQfreemem(tmp_s);
tmp_len = strlen(_s);